Your Server May Be Open To Ransomware Exploits

The hacking community seems to have found another viable business model, this time, in the form of ransomware. Given the success that hackers have been finding with this type of attack lately, they’ve upped their game, and have begun to experiment with and vary their approach when getting ransomware onto target machines.

Samsam, a variant form of ransomware, is the result of just such an experiment, made noteworthy by the method used to see it installed onto a target machine.

Unlike so many other types of malware, which rely on phishing techniques to attempt to trick a user into opening an email and clicking a link, Samsam attacks by finding its way onto your server itself. The hackers employ a legitimate penetration tool called Jexboss, and use this tool to exploit servers that are running Red Hat’s JBoss application server.

The interesting thing to note here is that JBoss isn’t used by end users, so this signals a very clear intent by the hacking community to specifically target businesses with this type of attack.

So far, it certainly seems to be working. Last year saw a record number of ransomware attacks, and this year is on track to be even bigger. Although there are no firm statistics on the number of such attacks that ultimately lead to payout (payment is generally demanded in untraceable BitCoins), given the difficulty of unlocking a computer afflicted by ransomware, it’s a safe bet that the percentages are fairly high.

What this ultimately points to though, is continued increasing sophistication among the hacking community. Their attacks are getting more and more advanced, and as they do, they also get harder and harder to stop. If you haven’t yet taken internet and data security seriously at your company, the time is now. If you’re not sure where to start, or how to proceed, contact a member of our team, and we’ll be happy to help, first by assessing your current system, and then, by making specific recommendations on how and where to improve.